-
Notifications
You must be signed in to change notification settings - Fork 3
/
cspm_codes.txt
748 lines (748 loc) · 18 KB
/
cspm_codes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
1000: usersMfaEnabled
1001: passwordNoReuse
1002: passwordExpiry
1003: passwordBlockLogon
1004: ramPolicyAttachments
1005: openSSH
1006: openRDP
1007: openDNS
1008: openCIFS
1009: openDocker
1010: openPostgreSQL
1011: openElasticsearch
1012: openFTP
1013: openHadoopNameNode
1014: openHadoopNameNodeWebUI
1015: openKibana
1016: openMySQL
1017: openNetBIOS
1018: openOracle
1019: dataDisksEncrypted
1020: bucketLoggingEnabled
1021: ossBucketPrivate
1022: rdsLogDuration
1023: rdsSslEncryptionEnabled
1024: actiontrailGlobalExportLogs
1025: noNetworkGatewaysInUse
1026: virtualNetworkPeering
1027: noGatewayConnections
1028: managedNatGateway
1029: vmDailyBackupRetention
1030: vmBackupsEnabled
1031: premiumSsdDisabled
1032: autoscaleNotificationsEnabled
1033: instantRestoreRetention
1034: desiredSkuSize
1035: approvedVmExtension
1036: guestLevelDiagnosticsEnabled
1037: oldVmDiskSnapshots
1038: vmAdAuthenticationEnabled
1039: performanceDiagnosticsEnabled
1040: vmBootDiagnosticsEnabled
1041: scaleSetHealthMonitoring
1042: diskByokEncryptionEnabled
1043: autoFailoverGroupsEnabled
1044: remoteDebuggingDisabled
1045: alwaysOnEnabled
1046: usersEmailVerified
1047: postgresqlLogMinError
1048: postgresqlLogTempFiles
1049: postgresqlLogMinDuration
1050: sqlNoPublicIps
1051: sqlCrossDbOwnership
1052: sqlContainedDatabaseAuth
1053: bucketUniformAccess
1054: accessKeysRotation
1055: openCustomPorts
1056: openOracleAutoDataWarehouse
1057: openSalt
1058: openSMTP
1059: openSMBoTCP
1060: openSQLServer
1061: openTelnet
1062: openVNCClient
1063: openVNCServer
1064: rdsAuditingEnabled
1065: rdsPublicAccess
1070: elbv2SslTermination
1071: minimumTlsVersion
1072: sslAccessOnlyEnabled
1073: monitorLogsEnabled
1074: monitorExternalAccounts
1075: monitorIpForwarding
1076: monitorNextGenerationFirewall
1077: monitorSubscriptionOwners
1078: certificateExpiry
1079: dnsLoggingEnabled
1080: instancePublicAccess
1081: instanceDefaultServiceAccount
1082: shieldedVmEnabled
1083: instanceDeletionProtection
1084: keyProtectionLevel
1085: postgresqlMaxConnections
1086: mysqlSlowQueryLog
1087: storageAutoIncreaseEnabled
1088: serverCertificateRotation
1089: datasetAllUsersPolicy
1090: topicEncryption
1091: openAllPortsProtocols
1092: systemDisksEncrypted
1093: bucketPayByRequester
1094: ossBucketVersioning
1095: ossBucketTransferAcceleration
1096: bucketCrossRegionReplication
1097: rdsLogConnectionEnabled
1098: rdsLogDisconnectionsEnabled
1099: rdsSqlAuditRetentionPeriod
10: openSMTP
1100: rdsTdeEnabled
1101: snsCrossAccount
1106: accessAnalyzerEnabled
1107: outdatedAmiInUse
1108: esCrossAccountAccess
1109: esClusterStatus
1110: esDedicatedMasterEnabled
1111: esDesiredInstanceTypes
1112: esTlsVersion
1113: esDomainEncryptionEnabled
1114: eventBusCrossAccountAccess
1115: iamSupportPolicy
1116: iamUserInUse
1117: privacyProtection
1118: senderPolicyFwInUse
1119: senderPolicyFwRecordPresent
1120: transferPrivateLinkInUse
1121: instanceDesiredMachineTypes
1122: automaticRestartEnabled
1123: instanceTemplateMachineTypes
1124: shieldedNodes
1125: integrityMonitoringEnabled
1126: secureBootEnabled
1127: nodeEncryption
1128: clusterEncryption
1129: dataflowHangedJobs
1130: dataflowJobsEncryption
1131: deleteExpiredDeployments
1132: instanceNodeCount
1133: ossBucketLifecycle
1134: bucketCmkEncrypted
1135: apiProtocol
1136: networkPolicyEnabled
11: openDNS
124: accessKeysRotated
125: accessKeysLastUsed
12: openRPC
13: openNetBIOS
14: openSMBoTCP
159: accessKeysExtra
15: openCIFS
160: emptyGroups
16: openSQLServer
17: openRDP
18: openMySQL
19: openPostgreSQL
1: cloudtrailBucketDelete
20: openVNCClient
21: openVNCServer
22: certificateExpiry
232: bucketAllUsersPolicy
233: rdsRestorable
234: domainAutoRenew
235: domainTransferLock
236: domainExpiry
237: rdsEncryptionEnabled
238: rdsAutomatedBackups
239: rdsPubliclyAccessible
23: insecureCiphers
240: sshKeysRotated
241: kmsKeyRotation
242: cloudtrailFileValidation
243: passwordExpiration
244: passwordRequiresLowercase
245: passwordRequiresNumbers
246: passwordRequiresUppercase
247: rootAccountInUse
248: noUserIamPolicies
249: cloudtrailToCloudwatch
24: minPasswordLength
250: configServiceEnabled
251: cloudtrailBucketAccessLogging
252: cloudtrailEncryption
253: cloudtrailBucketPrivate
254: flowLogsEnabled
255: defaultSecurityGroup
256: publicS3Origin
25: passwordRequiresSymbols
26: maxPasswordAge
27: passwordReusePrevention
280: vpcMultipleSubnets
281: dkimEnabled
282: publicAmi
283: topicPolicies
284: secureOrigin
285: monitoringMetrics
286: lambdaOldRuntimes
287: redshiftEncryptionEnabled
288: redshiftPubliclyAccessible
289: insecureProtocols
28: rootMfaEnabled
290: instanceIamRole
291: encryptedAmi
292: asgMultiAz
293: cloudfrontHttpsOnly
294: elbHttpsOnly
295: elbLoggingEnabled
296: rdsMultiAz
297: openAllPortsProtocols
298: cloudfrontLoggingEnabled
299: ebsEncryptionEnabled
29: rootAccessKeys
2: cloudtrailEnabled
300: bucketVersioning
301: subnetIpAvailability
302: iamUserAdmins
303: sqsCrossAccount
304: sqsEncrypted
305: elbNoInstances
307: usersPasswordLastUsed
308: natMultiAz
30: usersMfaEnabled
310: bucketLogging
311: defaultVpcInUse
314: openOracle
315: bucketAllUsersAcl
319: kmsKeyPolicy
31: classicInstances
323: kmsDefaultKeyUsage
324: instanceMaxCount
325: acmValidation
334: storageAccountsHttps
335: storageAccountsEncryption
336: blobServiceImmutable
337: vmAgentEnabled
338: vmDiskOSEncryption
339: vmDiskDataEncryption
340: vmEndpointProtection
341: vmAutoUpdateEnabled
343: dynamoKmsEncryption
344: transferLoggingEnabled
345: fileServiceAllAccessAcl
348: tableServiceAllAccessAcl
349: queueServiceAllAccessAcl
350: sqlServerFirewallRuleEnabled
351: openSSH
352: openOracleAutoDataWarehouse
353: openAllPortsProtocols
354: openRPC
355: openRDP
356: openVNCServer
357: openVNCClient
358: openTelnet
359: openSMBoTCP
360: openOracle
361: openPostgreSQL
362: openNetBIOS
363: openMySQL
364: openFTP
365: openCIFS
366: openDNS
367: openSQLServer
368: virtualNetworkRuleEnabled
369: openKibana
370: openHadoopNameNode
371: openHadoopNameNodeWebUI
372: rdsLoggingEnabled
373: monitorDiskEncryption
374: lambdaPublicAccess
375: efsEncryptionEnabled
382: identityEnabled
383: httpsOnlyEnabled
384: orgPlanLimit
385: orgDefaultPermission
386: orgMfaRequired
387: orgExcessiveOwners
388: gpgKeysRotated
389: publicKeysRotated
390: userMfaEnabled
391: userPrivateEmails
392: repoDeployKeysRotated
393: repoOutsideCollaborators
394: workgroupEncrypted
395: workgroupEnforceConfiguration
396: openSMTP
397: openOracle
398: openKibana
399: openHadoopNameNode
3: elasticIpLimit
400: openHadoopNameNodeWebUI
401: openFTP
402: openSSH
403: openCIFS
404: openDNS
405: openRDP
406: openTelnet
407: openVNCServer
408: openVNCClient
409: openMySQL
410: openNetBIOS
411: openPostgreSQL
412: openRPC
413: openSMBoTCP
414: openSQLServer
415: networkAccessDefaultAction
416: blobContainersPrivateAccess
417: pythonVersion
418: clientCertEnabled
419: netFrameworkVersion
420: authEnabled
421: http20Enabled
422: appWhitelistingEnabled
423: detectInsecureCustomOrigin
424: defaultSecurityGroup
425: monitorVMVulnerability
426: monitorSQLEncryption
427: monitorSQLAuditing
428: openAllPorts
429: usersMfaEnabled
430: passwordRequiresLowercase
431: passwordRequiresNumbers
432: passwordRequiresSymbols
433: passwordRequiresUppercase
434: minPasswordLength
435: emptyGroups
436: defaultSecurityList
437: lbHttpsOnly
438: lbNoInstances
439: instanceKeyBasedLogin
442: openDNS
443: openSSH
444: openCIFS
445: openFTP
446: openHadoopNameNode
447: openHadoopNameNodeWebUI
448: openKibana
449: openMySQL
450: openNetBIOS
451: openOracle
452: openPostgreSQL
453: openRDP
454: openRPC
455: openSMBoTCP
456: openSMTP
457: openSQLServer
458: openTelnet
459: openVNCClient
460: openVNCServer
461: openOracleAutoDataWarehouse
462: multipleSubnets
463: defaultVpcInUse
464: instanceMaxCount
465: instancesMultiAz
466: keyRotation
467: dbRestorable
468: dbAutomatedBackups
469: dbMultiAz
470: dbPubliclyAccessible
471: bucketVersioning
473: bucketLogging
475: clbHttpsOnly
485: shieldAdvancedEnabled
488: shieldEmergencyContacts
490: shieldProtections
498: logStorageEncryption
499: logContainerPublicAccess
4: vpcElasticIpLimit
501: nsgLogAnalyticsEnabled
502: logProfileArchiveData
503: securityConfigMonitoring
504: resourceAllowedLocations
505: resourceLocationMatch
507: tdeProtectorEncrypted
509: keyExpirationEnabled
510: monitorBlobEncryption
511: rbacEnabled
512: eksKubernetesVersion
513: eksLoggingEnabled
514: eksPrivateEndpoint
515: eksSecurityGroups
518: openHadoopNameNode
519: openHadoopNameNodeWebUI
520: openKibana
521: openSMTP
522: bucketPublicAccessType
523: ecrRepositoryPolicy
525: monitorEndpointProtection
526: endpointLoggingEnabled
527: excessivePolicies
528: excessivePolicyStatements
529: wafPublicIpEnabled
530: nfsPublicAccess
531: excessiveFirewallRules
532: openAllPorts
533: clbNoInstances
536: iamRolePolicies
539: rdsSnapshotEncryption
541: instanceMonitoringEnabled
542: autoscaleEnabled
543: instancePoolMultiAD
544: multipleSubnets
545: subnetMultiAd
546: dbBackupEnabled
547: cloudfrontWafEnabled
548: elbWafEnabled
550: instanceMaxCount
551: bootVolumeTransitEncryption
552: bootVolumeRestorable
553: bootVolumeBackupEnabled
554: excessiveSecurityLists
555: preAuthRequestsExpiry
556: preAuthRequestsAccess
557: blockVolumeRestorable
558: blockVolumeBackupEnabled
559: volumeGroupsRestorable
560: logRetentionPeriod
561: flowLogsEnabled
562: autoscaleEnabled
563: serviceLimits
564: privateEndpoint
565: monitoringEnabled
567: fileServiceEncryption
568: blobServiceEncryption
569: trustedMsAccessEnabled
570: managementLockEnabled
571: multipleSubnets
572: vmInstanceLimit
573: classicInstances
574: vmAvailabilitySetLimit
575: lbLogAnalyticsEnabled
576: kvLogAnalyticsEnabled
577: logProfileRetentionPolicy
578: securityPolicyAlertsEnabled
579: nsgLoggingEnabled
580: securitySolutionLogging
581: monitorSystemUpdates
582: monitorJitNetworkAccess
583: adminSecurityAlertsEnabled
584: securityContactsEnabled
585: monitorNsgEnabled
586: networkWatcherEnabled
588: excessiveSecurityGroups
589: resourceUsageLimit
590: advancedDataSecurityEnabled
591: noPublicAccess
592: javaVersion
593: phpVersion
594: tlsVersionCheck
596: dbAuditingEnabled
597: sqlDbMultiAz
598: dbRestorable
599: lbHttpsOnly
5: instanceLimit
600: lbNoInstances
601: kvRecoveryEnabled
602: statelessSecurityRules
603: lbNSGEnabled
604: dbPrivateSubnetOnly
605: dbNSGEnabled
606: usersPasswordAndKeys
608: rootHardwareMfa
612: storageAccountsAADEnabled
613: vmAvailabilitySetEnabled
614: scaleSetMultiAz
615: scaleSetAutoscaleEnabled
616: autoProvisioningEnabled
617: logRetentionDays
618: connectionThrottlingEnabled
619: logDurationEnabled
620: logDisconnectionsEnabled
621: logConnectionsEnabled
622: logCheckpointsEnabled
623: openOracleAutoDataWarehouse
624: auditRetentionPolicy
625: auditActionGroupsEnabled
626: serverAuditingEnabled
627: passwordRequiresLowercase
628: passwordRequiresNumbers
629: passwordRequiresSymbols
630: passwordRequiresUppercase
631: minPasswordLength
632: instancePolicyProtection
633: policyLeastPrivilege
634: objectPolicyProtection
635: nfsPolicyProtection
636: dbPolicyProtection
637: blockPolicyProtection
638: privateAccessEnabled
639: instanceLevelSSHOnly
640: instanceLeastPrivilege
641: ipForwardingDisabled
642: connectSerialPortsDisabled
643: csekEncryptionEnabled
644: bucketAllUsersPolicy
645: clbSecurityPolicyEnabled
646: clbCDNEnabled
647: dnsSecEnabled
649: bucketEncryption
651: enforceMySQLSSLConnection
652: enforcePostgresSSLConnection
653: emailAccountAdminsEnabled
654: sendAlertsEnabled
655: aksLatestVersion
656: acrAdminUser
657: ensureNoGuestUser
658: esPublicEndpoint
659: esEncryptedDomain
660: esNodeToNodeEncryption
661: esLoggingEnabled
662: esUpgradeAvailable
663: esHttpsOnly
667: nsgRuleLoggingEnabled
668: policyAssignmentLogging
669: highSeverityAlertsEnabled
670: standardPricingEnabled
671: azureADAdminEnabled
672: noCustomOwnerRoles
673: secretExpirationEnabled
675: dnsSecSigningAlgorithm
678: osLoginEnabled
679: dbSSLEnabled
680: serviceAccountKeyRotation
681: serviceAccountManagedKeys
682: clusterLeastPrivilege
684: projectOwnershipLogging
685: storagePermissionsLogging
686: sqlConfigurationLogging
687: auditConfigurationLogging
688: customRoleLogging
689: vpcFirewallRuleLogging
690: vpcNetworkRouteLogging
691: vpcNetworkLogging
692: ec2MetadataOptions
697: aliasIpRangesEnabled
698: legacyAuthorizationDisabled
699: masterAuthorizedNetwork
6: excessiveSecurityGroups
700: clusterLabelsAdded
701: webDashboardDisabled
702: defaultServiceAccount
703: cosImageEnabled
704: autoNodeRepairEnabled
705: autoNodeUpgradesEnabled
706: networkPolicyEnabled
707: podSecurityPolicyEnabled
709: anyHostRootAccess
710: serviceAccountAdmin
711: serviceAccountUser
712: serviceAccountSeparation
713: kmsUserSeparation
715: auditLoggingEnabled
716: logSinksEnabled
719: privateClusterEnabled
723: bucketWebsiteEnabled
726: loggingEnabled
728: corporateEmailsOnly
730: basicAuthenticationDisabled
733: ssmActiveOnAllInstances
734: ssmAgentLatestVersion
735: instanceVcpusLimit
739: defaultVpcExists
741: bucketPublicAccessBlock
742: guardDutyEnabled
743: guardDutyMaster
744: ecrRepositoryTagImmutability
749: bucketEnforceEncryption
750: dmsEncryptionEnabled
760: elbv2LoggingEnabled
761: elbv2HttpsOnly
762: elbv2NoInstances
763: elbv2WafEnabled
765: openSalt
767: openSalt
768: openSalt
773: openDocker
775: openDocker
776: openDocker
777: openSalt
778: openDocker
782: esRequireIAMAuth
784: rdsMinorVersionUpgrade
785: lambdaLogGroups
787: plainTextParameters
788: launchWizardSecurityGroups
789: vpcEndpointAcceptance
791: emptyASG
792: iamRoleLastUsed
793: rootSigningCertificate
795: sqlServerTLSVersion
797: asgActiveNotifications
798: asgMissingELB
799: volumeEncryption
7: openFTP
800: outputResultEncryption
801: daxClusterEncryption
802: ebsUnusedVolumes
803: managedPlatformUpdates
804: groupInlinePolicies
807: sameAzElb
808: asgSuspendedProcesses
809: cloudtrailObjectLock
810: unassociatedElasticIp
811: elbv2DeletionProtection
812: emrEncryptionInTransit
813: emrEncryptionAtRest
814: esExposedDomain
815: crossAccountMfaExtIdAccess
817: bucketSecureTransportEnabled
818: topicCmkEncrypted
820: aksAgentVersion
826: containerInventory
830: webTierAsgAssociatedElb
831: elbHealthCheckActive
832: appTierAsgCloudwatchLogs
833: webTierAsgCloudwatchLogs
834: asgMissingSecurityGroups
835: webTierIamRole
836: appTierIamRole
837: securityGroupRfc1918
838: openCustomPorts
839: allowedCustomPorts
840: publicIpAddress
841: iamUserUnauthorizedToEdit
843: rdsCmkEncryptionEnabled
844: rdsTransportEncryption
845: topicEncrypted
846: sqsPublicAccess
847: ssmAgentAutoUpdateEnabled
848: redshiftClusterCmkEncrypted
849: redshiftSSLEnabled
854: openOracleAutoDataWarehouse
865: apigatewayWafEnabled
866: cloudtrailDataEvents
867: cloudtrailDeliveryFailing
868: cloudtrailS3Bucket
869: globalLoggingDuplicated
870: appTierInstanceIamRole
871: ebsSnapshotLifecycle
872: ebsOldSnapshots
873: ebsSnapshotPublic
874: vpcEndpointExposed
875: unusedEni
876: unusedAmi
877: unusedVpcInternetGateways
878: managedNatGateway
879: unusedVirtualPrivateGateway
880: webTierInstanceIamRole
881: efsCmkEncrypted
882: elbv2MinimumTargetInstances
883: elbv2NlbListenerSecurity
884: emrClusterLogging
885: esAccessFromIps
886: kmsAppTierCmk
887: danglingDnsRecords
888: auditLoggingEnabled
889: redshiftAllowVersionUpgrade
890: userActivityLoggingEnabled
891: apigatewayCertificateRotation
892: apigatewayPrivateEndpoints
893: apigatewayContentEncoding
894: apigatewayTracingEnabled
895: detailedCloudWatchMetrics
896: apigatewayClientCertificate
897: appTierAsgApprovedAmi
898: webTierAsgApprovedAmi
899: dynamoContinuousBackups
8: openSSH
900: vpcEndpointCrossAccount
901: vpcPeeringConnections
902: ebsDefaultEncryptionEnabled
903: vpcSubnetInstancesPresent
904: vpnTunnelState
905: networkAclOutboundTraffic
906: eksSecretsEncrypted
907: appTierElbSecurity
908: glueS3EncryptionEnabled
909: dataCatalogCmkEncrypted
910: bookmarkEncryptionEnabled
911: iamMasterManagerRoles
912: trustedCrossAccountRoles
913: bucketPolicyCloudFrontOai
914: bucketTransferAcceleration
915: bucketDnsCompliantName
916: sqsDeadLetterQueue
917: queueUnprocessedMessages
918: lambdaAdminPrivileges
919: envVarsClientSideEncryption
920: lambdaTracingEnabled
921: logRetentionPeriod
922: redshiftClusterInVpc
923: redshiftClusterDefaultPort
924: redshiftClusterMasterUsername
925: snapshotRetentionPeriod
926: redshiftNodesCount
927: redshiftUnusedReservedNodes
928: redshiftDesiredNodeType
929: workspacesVolumeEncryption
930: workspacesIpAccessControl
931: stackFailedStatus
932: driftDetection
933: stackTerminationProtection
934: stackNotifications
935: apigatewayCloudwatchLogs
936: cloudtrailManagementEvents
937: devOpsGuruNotificationEnabled
938: crosszoneLoadBalancing
939: classicELBInUse
940: connectionDrainingEnabled
941: elbv2DeregistrationDelay
942: glueCloudwatchLogsEncrypted
943: dataCatalogEncryptionEnabled
944: iamDbAuthenticationEnabled
945: rdsDeletionProtectionEnabled
946: bucketLifecycleConfiguration
947: webServerPublicAccess
948: environmentAdminPrivileges
949: secretRotationEnabled
950: secretsManagerEncrypted
951: blobSoftDeletionEnabled
952: ddosStandardProtectionEnabled
953: storageAutoGrowthEnabled
954: activeDirectoryAdminEnabled
955: geoRedundantBackupEnabled
956: sqlServerTlsVersion
957: cosmosPublicAccessDisabled
958: automaticFailoverEnabled
959: openCassandra
960: openMongo
961: openMsSQL
962: openRedis
963: bucketRetentionPolicy
964: kubernetesAlphaDisabled
965: ebsBackupEnabled
966: advancedThreatProtection
972: iamPoliciesPresent
973: codebuildValidSourceProviders
974: codestarValidRepoProviders
976: vmManagedDisks
977: autoInstanceRepairsEnabled
978: noEmptyScaleSets
979: acceleratedNetworkingEnabled
980: passwordAuthDisabled
981: approvedVmImage
982: autoOsUpgradesEnabled
983: noUnattachedDisks
984: nsgFlowLogsRetentionPeriod
985: serverPrivateEndpoints
986: automaticTuningEnabled
987: pitrBackupEnabled
988: postgresqlLogLockWaits
989: mysqlLocalInfile
990: postgresqlLogConnections
991: postgresqlLogDisconnections
992: postgresqlLogCheckpoints
994: passwordMinLength
995: passwordRequiresNumbers
996: passwordRequiresSymbols
997: passwordRequiresLowercase
998: inactiveUserDisabled
999: passwordRequiresUppercase
9: openTelnet